Analysis

  • max time kernel
    2377727s
  • max time network
    173s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    15-03-2022 13:11

General

  • Target

    dcb88fb46c8d030c6f92dff0cd5e4c2f5bdf223070f2596c86a454f1adf00729.apk

  • Size

    2.0MB

  • MD5

    4043d73d75d220738d77843ff9be0247

  • SHA1

    4dcad01a821c3fd994b4b968b9a67c6f75181fcc

  • SHA256

    dcb88fb46c8d030c6f92dff0cd5e4c2f5bdf223070f2596c86a454f1adf00729

  • SHA512

    d8ed2f6ff17ef048bfb78ce2c9a465a29dcd3f9f4b3e88e36c1c5cb31c588ce08fc27306002b0f5a785d15d486e5838823e8d7a0b3d2f9ad97b6f1f2a485234d

Malware Config

Extracted

Family

xenomorph

C2

simpleyo5.tk

simpleyo5.cf

kart12sec.ga

kart12sec.gq

Extracted

Family

xenomorph

Attributes
  • PackageNames

    com.android.vending

    com.google.android.gm

  • URLs

    https://homeandofficedeal.com/local/multi/com.android.vending.html

    https://homeandofficedeal.com/local/multi/com.google.android.gm.html


Signatures

  • Xenomorph

    Xenomorph is an Android banking trojan that is seemingly tied to AlienBot.

  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoC
  • Loads dropped Dex/Jar. 1 IoC

    Runs an executable file dropped to the device during analysis.

  • Uses Crypto APIs (might try to encrypt user data). 1 IoC

Processes

  • com.token.jewel
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar.
    • Uses Crypto APIs (might try to encrypt user data).
    PID: 7071
